ABSTRACT
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. This paper introduces an Adaptive Trust Negotiation and Access Control (ATNAC) framework to solve these problems. The framework combines two existing systems, TrustBuilder and GAA-API, to create a system with more flexibility and responsiveness to attack than either system currently provides.
Index Terms
- Adaptive trust negotiation and access control